Analysis
- max time kernel: 2s
- max time network: 130s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 31/12/2023, 02:45
Behavioral task: behavioral1
- Sample: 24ff9b9bca562b45e9fa179f58a43eb9.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 24ff9b9bca562b45e9fa179f58a43eb9.exe
- Resource: win10v2004-20231215-en
General
- Target: 24ff9b9bca562b45e9fa179f58a43eb9.exe
- Size: 302KB
- MD5: 24ff9b9bca562b45e9fa179f58a43eb9
- SHA1: 99f2b5a26ee367d533d46a328a37f61363cbdce0
- SHA256: eba63bf7d5f52fbd6a089d9214788931c0e66b44863af5561300918ae5861c2d
- SHA512: 6c417fa9be47b6ca2ec077c251a48513152fd4931a3b0cf372b4f01054745389fcb0f418820d1113b0499bd5ccc3a7777df6ce76ecf79647cc03b4f2c5e71236
- SSDEEP: 6144:RYQ+h6SbSHuwuUFz12ubp57KJazL7lkW492uCcBKdHUmQ:F+DmMG12w57KJa37ljiKd0m
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid   Process
  2076  24ff9b9bca562b45e9fa179f58a43eb9.exe
- Executes dropped EXE (1 IoCs)
  pid   Process
  2076  24ff9b9bca562b45e9fa179f58a43eb9.exe
- Loads dropped DLL (1 IoCs)
  pid   Process
  2024  24ff9b9bca562b45e9fa179f58a43eb9.exe
- Matches yara rule upx (3 IoCs)
  resource                                                                    yara_rule
  behavioral1/memory/2024-0-0x0000000000400000-0x00000000004E0000-memory.dmp  upx
  behavioral1/files/0x000c0000000122bb-11.dat                                 upx
  behavioral1/files/0x000c0000000122bb-15.dat                                 upx
- Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  2024  24ff9b9bca562b45e9fa179f58a43eb9.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  2024  24ff9b9bca562b45e9fa179f58a43eb9.exe
  2076  24ff9b9bca562b45e9fa179f58a43eb9.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                               procid_target
  PID 2024 wrote to memory of 2076  2024  24ff9b9bca562b45e9fa179f58a43eb9.exe  16
  PID 2024 wrote to memory of 2076  2024  24ff9b9bca562b45e9fa179f58a43eb9.exe  16
  PID 2024 wrote to memory of 2076  2024  24ff9b9bca562b45e9fa179f58a43eb9.exe  16
  PID 2024 wrote to memory of 2076  2024  24ff9b9bca562b45e9fa179f58a43eb9.exe  16
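The yara rule above matched the sample's memory image (0x400000-0x4E0000) and both dropped .dat files. The following script is an added example, not part of the sandbox's tooling, that reproduces the two cheapest UPX indicators a practitioner checks by hand: section names of the form UPX0/UPX1/UPX2 in the COFF section table and the "UPX!" marker UPX leaves in its pack header. It uses only the standard library; build_minimal_pe() is a constructed, header-only PE used purely as test input and is not loadable.

```python
"""Check a PE image for the indicators behind a `upx` yara hit.

Added example (not sandbox tooling): walks the COFF section table with the
standard library only and looks for UPX section names and the "UPX!" marker.
"""
import struct
import sys

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MARKER = b"UPX!"
FILE_HEADER_SIZE = 20     # sizeof(IMAGE_FILE_HEADER)
SECTION_HEADER_SIZE = 40  # sizeof(IMAGE_SECTION_HEADER)


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image; raise ValueError if it is not one."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    file_header = e_lfanew + 4
    try:
        # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
        # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
        _, n_sections, _, _, _, opt_size, _ = struct.unpack_from(
            "<HHIIIHH", data, file_header)
    except struct.error as exc:
        raise ValueError("truncated file header") from exc
    table = file_header + FILE_HEADER_SIZE + opt_size
    names = []
    for i in range(n_sections):
        off = table + SECTION_HEADER_SIZE * i
        if off + SECTION_HEADER_SIZE > len(data):
            raise ValueError("truncated section table")
        names.append(data[off:off + 8].rstrip(b"\0"))  # Name: 8 bytes, NUL padded
    return names


def upx_indicators(data: bytes) -> dict:
    """Report which UPX indicators are present in a PE image."""
    names = pe_section_names(data)
    return {
        "sections": [n for n in names if n in UPX_SECTION_NAMES],
        "marker": UPX_MARKER in data,
    }


def looks_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["sections"]) or ind["marker"]


def build_minimal_pe(section_names, trailer: bytes = b"") -> bytes:
    """Constructed test input: a header-only PE with the given section names.

    It is not loadable; it only exercises the section-table walk above.
    """
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    # Machine=AMD64, NumberOfSections, no optional header, Characteristics=EXE|LARGE_ADDRESS
    file_header = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, 0, 0x22)
    sections = b"".join(
        n.ljust(8, b"\0") + b"\0" * (SECTION_HEADER_SIZE - 8) for n in section_names)
    return dos_header + b"PE\0\0" + file_header + sections + trailer


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as f:
        print(upx_indicators(f.read()))
```

Both indicators are trivially removable (section names are often renamed and the marker can be patched out), so a negative result does not clear a sample; the sandbox's yara match on the in-memory dump is the stronger signal, since it was taken after the sample ran.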
Processes
- C:\Users\Admin\AppData\Local\Temp\24ff9b9bca562b45e9fa179f58a43eb9.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\24ff9b9bca562b45e9fa179f58a43eb9.exe"
  PID: 2024
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\24ff9b9bca562b45e9fa179f58a43eb9.exe (child of PID 2024)
    Command line: C:\Users\Admin\AppData\Local\Temp\24ff9b9bca562b45e9fa179f58a43eb9.exe
    PID: 2076
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
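Read together, the Signatures and Processes sections describe one chain: PID 2024 launches a second copy of the same image as PID 2076, writes into that child's memory four times, both processes unmap their main image, and the child then deletes itself. The script below is an added example, not the sandbox's own logic, that turns this into a detection over process events. The event records are constructed from the tables above and their field names (type, pid, ppid, image, target_pid) are assumptions; map them onto whatever your telemetry (Sysmon, EDR) actually emits.

```python
"""Flag a parent that writes into a child running its own image, with corroborating
signals. Added example built from this report's Signatures and Processes tables;
event field names are assumptions, not a sandbox or EDR schema.
"""
from collections import defaultdict

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\24ff9b9bca562b45e9fa179f58a43eb9.exe"

# Constructed from the report: PID 2024 is the submitted sample, 2076 its child.
REPORT_EVENTS = [
    {"type": "process_create", "pid": 2024, "ppid": None, "image": SAMPLE},
    {"type": "process_create", "pid": 2076, "ppid": 2024, "image": SAMPLE},
] + [
    {"type": "write_process_memory", "pid": 2024, "target_pid": 2076} for _ in range(4)
] + [
    {"type": "unmap_main_image", "pid": 2024},
    {"type": "unmap_main_image", "pid": 2076},
    {"type": "renames_itself", "pid": 2024},
    {"type": "loads_dropped_dll", "pid": 2024},
    {"type": "executes_dropped_exe", "pid": 2076},
    {"type": "deletes_itself", "pid": 2076},
]

STRUCTURAL = {"process_create", "write_process_memory"}


def find_self_injection(events):
    """Return one finding per (parent, child) pair where the parent wrote into a
    direct child that runs the same image path. Any other signature seen on either
    process is attached as corroboration."""
    image = {e["pid"]: e["image"] for e in events if e["type"] == "process_create"}
    parent = {e["pid"]: e.get("ppid") for e in events if e["type"] == "process_create"}
    writes = defaultdict(int)
    flags = defaultdict(set)
    for e in events:
        if e["type"] == "write_process_memory":
            writes[(e["pid"], e["target_pid"])] += 1
        elif e["type"] not in STRUCTURAL:
            flags[e["pid"]].add(e["type"])

    findings = []
    for (src, dst), count in sorted(writes.items()):
        # Writes into non-children or into a different image are a different
        # pattern (remote injection) and are deliberately not matched here.
        if parent.get(dst) != src or image.get(src) != image.get(dst):
            continue
        findings.append({
            "parent": src,
            "child": dst,
            "image": image[src],
            "writes": count,
            "parent_flags": sorted(flags[src]),
            "child_flags": sorted(flags[dst]),
        })
    return findings


if __name__ == "__main__":
    for f in find_self_injection(REPORT_EVENTS):
        print(f)
```

A parent writing into a child it has just created is not by itself malicious (debuggers and some runtimes do it), which is why the rule insists on the same image path and reports the other signatures on both processes; in this report the child's self-deletion and the UnmapMainImage hits on both sides are what make the write sequence worth escalating.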
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 92KB
  MD5: 24f4eb0a7f15ef64a98f87118992eefa
  SHA1: 79dd12ebeefeb5a2daf21514e0498d3b76b7c6b4
  SHA256: 94330e56fa58052a7315be4f3778381baa09c5033849a6a814a410cab6cb524d
  SHA512: d762a72229040e3d1169f4f0e6118809476700a3ccfb5363f1e8c3c8a0011963b09969b15727b8f9d46978ea21ba29738481044fbca75981290aafd57808c568